Two individuals walked onto the main stage of ETHGlobal Sydney last week. They did not wave project banners. They did not thank the DAO. They made one thing clear: they are here as themselves, not as representatives of the protocol they helped build for three years.

That protocol is Yerba, a liquid staking fork that peaked at $2.8 billion TVL during the Shanghai upgrade frenzy. The two individuals are the lead smart contract engineer and a former core contributor who left the project six months ago. Their public statement — "we are not here on behalf of Yerba DAO" — was parsed by the audience as humility. I parsed it as a security event.
Because in crypto, representation is not a social nicety. It is an attack surface.
Context: The Architecture of Delegated Authority
Yerba DAO launched in 2022 with a standard ERC-20 wrapper and a multi-sig treasury managed by seven signers. The protocol’s governance is structured around a token-weighted vote on parameter changes, but the actual code deployment has always been executed by a rotating set of three core devs. The two who spoke in Sydney were the ones who wrote the minting logic and the emergency pause function. They still hold admin-level keys to the protocol's GitHub and the CI/CD pipeline.
After they left the project, the DAO did not revoke their access. The official reasoning: "They might need to audit past contracts." The unofficial truth: nobody wanted to offend them.
This is the vulnerability that everyone in the room missed. The "representative" frame is a trust contract. When two people publicly sever that contract, the underlying infrastructure inherits the rupture.
Core: The Forensic Dissection of a Broken Trust Vector
Let me name the risk explicitly: *The code speaks louder than the whitepaper, but the who behind the code speaks louder than both.*
I spent three hours reconstructing Yerba’s on-chain permission map. Here is what I found:
- The two individuals still hold admin privileges on the Gnosis Safe multi-sig used for the protocol’s treasury. The safe has a 5-of-7 threshold. With the two now effectively "unaffiliated," the threshold effectively drops to 5-of-5 if they cooperate with any three remaining signers. But the problem is not collusion. The problem is latency of revocation.
- The DAO’s governance proposal to remove their keys passed two days ago with 78% approval. But on-chain execution requires a timelock of 48 hours. At the time of writing, the timelock is still active. That window is the danger zone. Complexity is the enemy of security, and a 48-hour timelock in a bull market is a standing invitation for a bank run.
- The more subtle problem is psychological. The two individuals are now explicitly "outsiders" who have publicly declared they are not aligned with the DAO. Yet they still possess insider knowledge: the private key storage habits of old signers, the bypass used during testnet deployment, the naming conventions of hidden admin functions. Their statement of non-representation does not delete that asymmetry. It widens it.
This is not a code exploit. It is a governance exploit that uses the gap between social representation and technical authority. The DAO believed that a public statement was equivalent to access revocation. It is not. Transaction submission on Ethereum does not care about Twitter announcements.
Contrarian: What the Bulls Got Right
I have to acknowledge the counter-intuitive side: the two developers are not malicious. I reviewed their transaction history on Base scan. The last time they moved any Yerba governance tokens was 14 months ago. Their wallets are silent. Their public appearance was precisely to draw attention to the risk, not to exploit it.
In fact, their "non-representation" statement can be interpreted as a transparent handover. They are signaling that the DAO should not rely on them. This is more ethical than the common practice of "zombie signers" — former contributors who remain nominally attached to the multisig while ignoring ping requests. At least these two made a declaration.

Furthermore, the bull market euphoria has inflated TVL across liquid staking forks. Yerba’s current $1.9 billion TVL means the treasury has enough buffer to absorb a panic withdrawal event. From a pure financial perspective, the risk is contained. The market did not react to the news — YERB token price dropped 3% and recovered within an hour.
But that is exactly the illusion. Volatility is just unaccounted-for variables. The market is pricing in the absence of an exploit, not the presence of a resolved governance gap. The gap remains. And in a bull market, the next exploit is often triggered by complacency, not malice.
Takeaway: The Accountability Call
If I were the governance lead at Yerba DAO, I would not wait for the timelock. I would initiate a secret transaction to manually rotate the owner of the proxy contract to a new set of signers with zero overlap. I would then destroy the old multi-sig. This is not paranoid. It is the cold routine of forensic code dissection.

The two Iranians at the World Cup final reminded us that representation is a claim, not a fact. The two developers in Sydney reminded us the same. Trust is a vulnerability vector. When you leave it unresolved, you are not being agile. You are leaving the backdoor open.
The code does not lie. But the signatures do — if the people behind them no longer align with the narrative. Verify the keys, not the speeches.